Lucene search

K

All F-Secure And WithSecure Endpoint Protection Products For Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper Security Vulnerabilities

cve
cve

CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

5.8AI Score

EPSS

2024-06-25 10:15 PM
2
nvd
nvd

CVE-2024-30112

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

EPSS

2024-06-25 10:15 PM
2
ibm
ibm

Security Bulletin: Maximo Application Suite - follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz are vulnerable to CVE-2024-28849 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses follow-redirects-1.15.4.tgz and follow-redirects-1.15.5.tgz which are vulnerable to CVE-2024-28849. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION:...

6.5CVSS

6.7AI Score

0.0004EPSS

2024-06-25 10:09 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl is vulnerable to multiple security CVEs used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses torch-1.13.1-cp37-cp37m-manylinux1_x86_64.whl which is vulnerable to multiple security CVEs. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-31583 DESCRIPTION:...

8.2AI Score

0.0004EPSS

2024-06-25 10:08 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - Multiple Netty package is vulnerable to CVE-2024-29025 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses multiple Netty package which is vulnerable to CVE-2024-29025. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-29025 DESCRIPTION: **Netty is vulnerable to a denial of...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-25 10:08 PM
ibm
ibm

Security Bulletin: Maximo Application suite - express-4.18.2.tgz is vulnerable to CVE-2024-29041 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses express-4.18.2.tgz which is vulnerable to CVE-2024-29041. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote...

6.1CVSS

7.1AI Score

0.0004EPSS

2024-06-25 10:07 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - jose4j is vulnerable to CVE-2023-51775 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses jose4j which is vulnerable to CVE-2023-51775. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by.....

7.2AI Score

0.0004EPSS

2024-06-25 10:06 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - gunicorn-20.1.0-py3-none-any.whl is vulnerable to CVE-2024-1135 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses gunicorn-20.1.0-py3-none-any.whl which is vulnerable to CVE-2024-1135. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION: **Gunicorn is vulnerable to...

7.5CVSS

6.1AI Score

0.0004EPSS

2024-06-25 10:05 PM
ibm
ibm

Security Bulletin: Maximo Application Suite - bcprov-jdk18on-1.76.jar is vulnerable to CVE-2024-30171 used in IBM Maximo Application Suite - Monitor Component

Summary IBM Maximo Application Suite - Monitor Component uses bcprov-jdk18on-1.76.jar which is vulnerable to CVE-2024-30171. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30171 DESCRIPTION: **The Bouncy Castle Crypto Package...

6.4AI Score

0.0004EPSS

2024-06-25 10:05 PM
openbugbounty
openbugbounty

nordicbiosite.com Cross Site Scripting vulnerability OBB-3938898

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:51 PM
4
malwarebytes
malwarebytes

Neiman Marcus confirms breach. Is the customer data already for sale?

Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....

7.5AI Score

2024-06-25 09:35 PM
2
cvelist
cvelist

CVE-2024-30112 HCL Connections is vulnerable to a cross-site scripting (XSS) vulnerability

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials...

5.4CVSS

EPSS

2024-06-25 09:28 PM
2
openbugbounty
openbugbounty

baseballquebec.com Cross Site Scripting vulnerability OBB-3938896

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 09:28 PM
3
nvd
nvd

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

EPSS

2024-06-25 09:16 PM
3
cve
cve

CVE-2024-5016

In WhatsUp Gold versions released before 2023.1.3, Distributed Edition installations can be exploited by using a deserialization tool to achieve a Remote Code Execution as SYSTEM. The vulnerability exists in the main message processing routines NmDistributed.DistributedServiceBehavior.OnMessage...

7.2CVSS

7.2AI Score

EPSS

2024-06-25 09:16 PM
2
cve
cve

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...

5.3CVSS

5.4AI Score

EPSS

2024-06-25 09:16 PM
3
nvd
nvd

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

5.3CVSS

EPSS

2024-06-25 09:16 PM
2
nvd
nvd

CVE-2024-5018

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Path Traversal vulnerability exists Wug.UI.Areas.Wug.Controllers.SessionController.LoadNMScript. This allows allows reading of any file from the applications web-root directory...

5.3CVSS

EPSS

2024-06-25 09:16 PM
2
nvd
nvd

CVE-2024-5017

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...

6.5CVSS

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5017

In WhatsUp Gold versions released before 2023.1.3, a path traversal vulnerability exists. A specially crafted unauthenticated HTTP request to AppProfileImport can lead can lead to information...

6.5CVSS

6.2AI Score

EPSS

2024-06-25 09:16 PM
2
cve
cve

CVE-2024-5019

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Arbitrary File Read issue exists in Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS. This vulnerability allows reading of any file with iisapppool\NmConsole...

5.3CVSS

5.5AI Score

EPSS

2024-06-25 09:16 PM
2
cve
cve

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

7.1CVSS

6.8AI Score

EPSS

2024-06-25 09:16 PM
3
nvd
nvd

CVE-2024-5015

In WhatsUp Gold versions released before 2023.1.3, an authenticated SSRF vulnerability in Wug.UI.Areas.Wug.Controllers.SessionControler.Update allows a low privileged user to chain this SSRF with an Improper Access Control vulnerability. This can be used to escalate privileges to...

7.1CVSS

EPSS

2024-06-25 09:16 PM
1
nvd
nvd

CVE-2024-5012

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...

8.6CVSS

EPSS

2024-06-25 09:16 PM
1
nvd
nvd

CVE-2024-5013

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...

7.5CVSS

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5013

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Denial of Service vulnerability was identified. An unauthenticated attacker can put the application into the SetAdminPassword installation step, which renders the application...

7.5CVSS

7.6AI Score

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5014

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...

7.1CVSS

6.8AI Score

EPSS

2024-06-25 09:16 PM
2
nvd
nvd

CVE-2024-5014

In WhatsUp Gold versions released before 2023.1.3, a Server Side Request Forgery vulnerability exists in the GetASPReport feature. This allows any authenticated user to retrieve ASP reports from an HTML...

7.1CVSS

EPSS

2024-06-25 09:16 PM
1
cve
cve

CVE-2024-5012

In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential...

8.6CVSS

8.6AI Score

EPSS

2024-06-25 09:16 PM
1
nvd
nvd

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API...

EPSS

2024-06-25 09:15 PM
2
cve
cve

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...

7AI Score

EPSS

2024-06-25 09:15 PM
2
nvd
nvd

CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

EPSS

2024-06-25 09:15 PM
1
nvd
nvd

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2...

EPSS

2024-06-25 09:15 PM
2
cve
cve

CVE-2024-37843

Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API...

7.9AI Score

EPSS

2024-06-25 09:15 PM
2
cve
cve

CVE-2024-38516

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and...

8.8CVSS

8.6AI Score

EPSS

2024-06-25 09:15 PM
5
nvd
nvd

CVE-2024-21740

Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access...

EPSS

2024-06-25 09:15 PM
cve
cve

CVE-2024-21740

Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access...

6.8AI Score

EPSS

2024-06-25 09:15 PM
1
nvd
nvd

CVE-2024-21739

Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access...

EPSS

2024-06-25 09:15 PM
1
cve
cve

CVE-2024-21739

Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access...

6.8AI Score

EPSS

2024-06-25 09:15 PM
1
cbl_mariner
cbl_mariner

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...

7.5CVSS

7.8AI Score

0.003EPSS

2024-06-25 09:08 PM
15
cbl_mariner
cbl_mariner

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1

CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

5.3CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
12
cbl_mariner
cbl_mariner

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1

CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.005EPSS

2024-06-25 09:08 PM
6
cbl_mariner
cbl_mariner

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

5.3CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
5
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1

CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.732EPSS

2024-06-25 09:08 PM
11
cbl_mariner
cbl_mariner

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1

CVE-2023-45287 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-25 09:08 PM
6
cbl_mariner
cbl_mariner

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0

CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...

5.5CVSS

6AI Score

0.001EPSS

2024-06-25 09:08 PM
20
cbl_mariner
cbl_mariner

CVE-2023-7008 affecting package systemd for versions less than 123

CVE-2023-7008 affecting package systemd for versions less than 123. A patched version of the package is...

5.9CVSS

5.8AI Score

0.001EPSS

2024-06-25 09:08 PM
12
cbl_mariner
cbl_mariner

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1

CVE-2023-45285 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-25 09:08 PM
1
cbl_mariner
cbl_mariner

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38

CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...

5.3CVSS

5.8AI Score

0.001EPSS

2024-06-25 09:08 PM
9
cbl_mariner
cbl_mariner

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10

CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...

7.5CVSS

7.8AI Score

0.732EPSS

2024-06-25 09:08 PM
35
Total number of security vulnerabilities3304538